summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--man/sysctl.d.xml21
-rw-r--r--man/systemctl.xml28
2 files changed, 40 insertions, 9 deletions
diff --git a/man/sysctl.d.xml b/man/sysctl.d.xml
index 8a131791a5..e5b2bc0ac9 100644
--- a/man/sysctl.d.xml
+++ b/man/sysctl.d.xml
@@ -123,11 +123,12 @@
</example>
<example>
- <title>Disable packet filter on bridged packets (method one)</title>
+ <title>Apply settings available only when a certain module is loaded (method one)</title>
<para><filename>/etc/udev/rules.d/99-bridge.rules</filename>:
</para>
- <programlisting>ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/net/bridge"
+ <programlisting>ACTION=="add", SUBSYSTEM=="module", KERNEL=="br_netfilter", \
+ RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/net/bridge"
</programlisting>
<para><filename>/etc/sysctl.d/bridge.conf</filename>:
@@ -137,14 +138,20 @@
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
</programlisting>
+
+ <para>This method applies settings when the module is
+ loaded. Please note that unless the <filename>br_netfilter</filename>
+ module is loaded, bridged packets will not be filtered by
+ netfilter (starting with kernel 3.18), so simply not loading the
+ module is suffient to avoid filtering.</para>
</example>
<example>
- <title>Disable packet filter on bridged packets (method two)</title>
+ <title>Apply settings available only when a certain module is loaded (method two)</title>
<para><filename>/etc/modules-load.d/bridge.conf</filename>:
</para>
- <programlisting>bridge</programlisting>
+ <programlisting>br_netfilter</programlisting>
<para><filename>/etc/sysctl.d/bridge.conf</filename>:
</para>
@@ -153,6 +160,12 @@ net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
</programlisting>
+
+ <para>This method forces the module to be always loaded. Please
+ note that unless the <filename>br_netfilter</filename> module is
+ loaded, bridged packets will not be filtered with netfilter
+ (starting with kernel 3.18), so simply not loading the module is
+ suffient to avoid filtering.</para>
</example>
</refsect1>
diff --git a/man/systemctl.xml b/man/systemctl.xml
index e18ef6f898..66a090049d 100644
--- a/man/systemctl.xml
+++ b/man/systemctl.xml
@@ -114,12 +114,30 @@
<listitem>
<para>When showing unit/job/manager properties with the
- <command>show</command> command, limit display to certain
- properties as specified as argument. If not specified, all
- set properties are shown. The argument should be a
+ <command>show</command> command, limit display to properties
+ specified in the argument. The argument should be a
comma-separated list of property names, such as
- <literal>MainPID</literal>. If specified more than once, all
- properties with the specified names are shown.</para>
+ <literal>MainPID</literal>. Unless specified, all known
+ properties are shown. If specified more than once, all
+ properties with the specified names are shown. Shell
+ completion is implemented for property names.</para>
+
+ <para>For the manager itself,
+ <command>systemctl show</command> will show all available
+ properties. Those properties are documented in
+ <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ </para>
+
+ <para>Properties for units vary by unit type, so showing any
+ unit (even a non-existent one) is a way to list properties
+ pertaining to this type. Similarly showing any job will list
+ properties pertaining to all jobs. Properties for units are
+ documented in
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ and the pages for individual unit types
+ <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ etc.</para>
</listitem>
</varlistentry>